Seize FSMO Roles

As part of our disaster recovery exercise, we cut off connection to a currently replicating domain controller to be used in the exercise.  This requires that we seize FSMO roles on the domain controller to be used in the exercise after the connection has been cut.

We found that using NTDS util and the steps below, took a long time.  It was much faster when we used PowerShell!

Old way with NTDSutil:

  1. Log on to DC01 as Enterprise Administrator.
  2. Open a CMD prompt using Run as Administrator.
  3. Type: ntdsutil and press Enter.
  4. Type: roles and press Enter.
  5. Type: connections and press Enter.
  6. Type: connect to server DC01 and press Enter.
  7. Type: q and press Enter.
  8. Type: seize schema master and press Enter.
  9. Type: seize domain naming master and press Enter.
  10. Type: seize rid master and press Enter.
  11. Type: seize pdc and press Enter.
  12. Type: seize infrastructure master and press Enter.
  13. Type: q and press Enter.
  14. Type: q and press Enter.

New way with PowerShell:

Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force

Note:  This action requires the Active Directory module.  Depending on the PowerShell version you are using, you may need to import the module first (Import-Module ActiveDirectory).